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PENDING CLAIMS AS AMENDED 

The listing of claims will replace all prior versions, and listings, of claims in the application: 

Claim 1 (Previously Presented): A communications method for use in a system 
comprising a first, second and third nodes, and a first secret, said first secret being shared 
between the first and second nodes to secure communications between said first and second 
nodes, the method comprising: 

operating the first node to establish a secure communications session with said second 

■* 

node using the first shared secret to secure the contents of packets communicated from the first 
node that are directed to the second node as part of the secure communications session, packets 
communicated from the first node that are directed to the second node being addressed to said 
second node by use of a second node destination address; 

operating a third node which is coupled to said first and second nodes to maintain in 
memory a copy of said first shared secret; and 

operating the third node to receive a secure flow of packets from the first node that are 
directed to said second node as part of the secure communications session. 

Claim 2 (Original): The method of claim I, further comprising: 

operating the third node to receive from said second node the first shared secret and to 

store the first shared secret in memory, said received first shared secret being encrypt us * n S a 

second shared secret known to the second and third nodes. 

Claim 3 (Original): The method of claim 2, further comprising: 

operating said third node to receive and process packets sent from said first node as pan 
of said established communications session, said third node sending a message to the first node 
indicating successful receipt of packets by said second node. 
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Claim 4 (Original): The method of claim 3, wherein said third node uses said first shared 
secret to secure the message to the first node. 

Claim 5 (Previously Presented); The method of claim 4, wherein said third node operates 
as an application proxy for said second node during said secure communications session without 
informing said first node that the third node is acting as a proxy in the place of said second node. 

Claim 6 (Original): The method of claim 5, further comprising: 
operating the third node to transmit information obtained from said communications 
session while said third node was acting as a proxy for said second node to said second node; and 
operating the second node to continue the secure communications session with the first 

node. 

Claim 7 (Original): The method of claim 1, further comprising: 

operating the third node to inspect the secure packet flow from the first node, said step of 
inspecting said secure packet flow including performing at least one of a group of security steps 
which use the first shared secret, said group of security steps comprising: decrypting a packet, 
integrity checking contents of a packet, and authenticating a sender of a packet. 

Claim 8 (Original): The method of claim 7, further comprising: 

operating the third node to drop the packet from the packet flow if the performed at least 
one of the group of security checks fails. 

Claim 9 (Original): The method of claim 7. further comprising: 
operating the third node to additionally process the packets from the packet flow if no 
performed security check in said group of security checks fails. 

Claim 1 0 (Original): The method of claim 9, further comprising: 
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operating the third node to identify a packet with a disallowed packet pay load by 
comparing at least a portion of the payload of each packet in the packet flow to information 
indicating allowed packet payloads. pay loads of a type which are not indicated by said 
information being disallowed packet payloads. 

Claim 1 1 (Original): The method of claim 10 ? further comprising: 

operating the third node to drop an identified packet with a disallowed packet payload. 

Claim 12 (Original): The method of claim 10, further comprising: 

operating the third node to modify the packet payload of packets identified to include a 

disallowed packet payload based on stored information indicating payload modifications to be 

made to disallowed packet payloads. 

Claim 13 (Original): The method of claim 12, wherein the modified payload generated 
by modifying a packet payload includes a message indicating that an erroneous payload was 
detected at the third node. 

Claim 14 (Original): The method of claim 10 ; further comprising: 
operating the third node to process at least two packets in the packet flow to produce at 
least a third packet. 

Claim 15 (Original): The method of claim 9, further comprising; 

operating the third node to generate an additional packet flow from the received packet 
flow directed to the second node and to forward the additional packet flow to the second node, 
packets in said additional packet flow having a source address corresponding to the first node and 
a destination address corresponding to the second node, said step of generating an additional 
packet flow including at least one of a group of security steps which use the first shared secret, 
the group of security steps consisting of: encrypting a packet, adding an integrity check for the 
contents of the packet, and adding an authenticator check for the packet sender. 
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Claim 16 (Original): The method of claim 1, wherein the second and third nodes each 
include a second secret used to secure communications between the third node and the second 
node, the method further comprising: 

operating the third node to generate an additional packet flow from the received packet 
flow directed to the second node and to forward the additional packet flow to the second node, 
packets in said additional packet flow having a source address corresponding to the third node 
and a destination address corresponding to the second node, said step of generating an additional 
packet flow including at least one of a group of security steps which use the second shared secret, 
the group of security steps consisting of: encrypting a packet, adding an integrity check for the 
contents of the packet, and adding an authenticator check for the packet sender. 

Claim 17 (Original): The method of claim 16, further comprising: 
operating the second node to communicate the first shared secret to the third node, the 
first shared secret being encrypted using the second shared secret. 

Claim 18 (Original): The method of claim 17. farther comprising: 
mutually authenticating the second and third nodes prior to the second node transmitting 
the first shared secret to the third node. 

Claim 19 (Previously Presented): A communications system, comprising: 

a first node including a first shared secret and a communications application for 
establishing a secure communications session using said first shared secret to secure packets 
communicated as part of said secure communications session; 

a mobile node including said first shared secret, a second shared secret, and at least one 
communications application for maintaining a secure communications session with said first 
node using said first shared secret; 

an intermediate node, coupled to said first node and said mobile node, said intermediate 
node including said first shared secret and said second shared secret, said intermediate node 
including: 
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means for processing packets re-directed away from said mobile node to said 
intermediate node, said redirected packets being packets which were Originally directed 
by said first node towards said mobile node as part of a secure communications session 
using said first shared secret; and 

means for sending a message to said first node secured by said first shared secret 
indicating successful receipt of said packets by said mobile node. 

Claim 20 (Original): The communication system of claim 19. wherein said intermediate 
node further includes: 

means for communicating information generated by processing packets directed to said 
mobile node to said mobile node in packets secured using said second shared secret, said 
information being the result of application processing performed on the payload of at least two 
data packets to generate information not present in either of the two data packets. 

Claim 21 (Original): The communication system of claim 20, wherein the mobile node 
includes means for sending said first shared secret to said intermediate node in an encrypted 
format resulting encryption processing using said second shared secret. 

Claim 22 (Previously Presented): A communications system for use with a second node, 
said communications system comprising: 
a first node including: 

memory means for storing a first secret, said first secret being shared 
between the first node and the second node to secure communications between 
said first and second nodes; and 

means for establishing a secure communications session with said second 
node using the first shared secret to secure the contents of packets communicated 
from the first node that are directed to the second node as part of a secure 
communications session; 
a third node, coupled to said first and second nodes, the third node including: 
memory means for storing a copy of said first shared secret; and 
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means for receiving a secure flow of packets from the first node that are 
re-direcled away from said second node to said third node, said redirected packets 
being packets which were Originally directed to said second node as part of the 
secure communications session. 

Claim 23 (Previously Presented): The communication system of claim 22, wherein said 

third node further includes: 

means for receiving from said second node the first shared secret; and 

means for storing the first shared secret in memory, said received first shared secret being 

encrypted using a second shared secret known to the second and third nodes. 

Claim 24 (Previously Presented): The communications system of claim 22, wherein said 
first node is a mobile node. 

Claim 25 (Previously Presented): A method of operating a third node in a system 
comprising a first node, a second node and said third node, a first secret being shared between the 
first and second nodes to secure communications between said first and second nodes, the 
method comprising: 

receiving from said second node the first shared secret; 

storing said first shared secret in memory; and 

receiving a secure flow of packets from the first node that are re-directed away from said 
second node to said third node, said redirected packets being packets which were Originally 
directed to said second node as part of the secure communications session. 

Claim 26 (Previously Presented): The method of claim 25, wherein said received first 
shared secret is received in an encrypted form, said first shared secret having been encrypted 
using a second shared secret known to the second and third nodes. 

Claim 27 (Previously Presented): The method of claim 25, further comprising: 
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processing packets received from said first node which are part of said established 
communications session: and 

sending a message to the first node indicating successful receipt of packets by said second 

node. 

Claim 28 (Previously Presented): The method of claim 27, wherein said third node uses 
said first shared secret to secure the message to the first node. 

Claim 29 (Previously Presented): The method of claim 28, wherein said third node 
operates as an application proxy for said second node during a portion of said secure 
communications session without informing said first node that the third node is acting as a proxy 
in the place of said second node. 

Claim 30 (Previously Presented): The method of claim 29, further comprising: 
transmitting information obtained from said communications session while said third 
node was acting as a proxy for said second node to said second node. 

Claim 31 (Previously Presented): The method of claim 25, further comprising: 

using said first shared secret to decrypt a packet included in said secure flow of packets. 

Claim 32 (Previously Presented): The method of claim 31, further comprising: 
processing said decrypted packet; and 

communicating the result of processing said decrypted packet to said second node in an 
encrypted packet. 

Claim 33 (Previously Presented): The method of claim 25, further comprising: 
processing at least two packets in the secure flow of packets to produce at least a third 
packet; and 

communicating the third packet to the second node. 
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Claim 34 (Previously Presented): A third node in a system comprising a first node, a 
second node and said third node, a first secret being shared between the first and second nodes to 
secure communications between said first and second nodes, the third node comprising: 

a receiver for receiving from said second node the first shared secret; 

memory in which said first shared secret is stored; and 

an agent module for receiving a secure flow of packets from the first node that are re- 
directed away from said second node to said third node, said redirected packets being packets 
which were Originally directed to said second node as part of the secure communications session. 

Claim 35 (Previously Presented): The third node of claim 34, wherein said received first 
shared secret is received in an encrypted form, said first shared secret having been encrypted 
using a second shared secret known to the second and third nodes. 

Claim 36 (Previously Presented): The third node of claim 34, wherein said agent module 
includes: 

a proxy module for processing packets received from said first node which are part of 
said established communications session and sending a message to the first node indicating 
successful receipt of packets by said second node. 

Claim 37 (Previously Presented): A third node in a system comprising a first node, a 
second node and said third node, a first secret being shared between the first and second nodes to 
secure communications between said first and second nodes, the third node comprising: 

receiver means for receiving from said second node the first shared secret; 

memory means for storing said first shared secret; and 

agent means for receiving a secure flow of packets from the first node that are re-directed 
away from said second node to said third node, said redirected packets being packets which were 
Originally directed to said second node as pan of the secure communications session. 
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Claim 38 (Previously Presented): The third node of claim 37, wherein said received first 
shared secret is received in an encrypted form, said first shared secret having been encrypted 
using a second shared secret known to the second and third nodes. 

Claim 39 (Previously Presented): The third node of claim 37, wherein said agent means 
includes 

proxy means for processing packets received from said first node which are part 
of said established communications session and sending a message to the first node indicating 
successful receipt of packets by said second node. 

Claim 40 (Previously Presented): A machine readable medium including computer 
executable instructions for controlling a third node in a system comprising a first node, a second 
node and said third node, a first secret being shared between the first and second nodes to secure 
communications between said first and second nodes, to perform a communications method 
including the steps of: 

receiving from said second node the first shared secret; 

storing said first shared secret in memory; and 

receiving a secure flow of packets from the first node that are re-directed away from said 
. second node to said third node, said redirected packets being packets which were Originally 
directed to said second node as part of the secure communications session. 

Claim 41 (Previously Presented): The machine readable medium of claim 40, wherein 
said received first shared secret is received in an encrypted form, said first shared secret having 
been encrypted using a second shared secret known to the second and third nodes. 

Claim 42 (Previously Presented): The method of claim 1, wherein the second node 
destination address is a Home Address of the second node. 

Claim 43 (Previously Presented): A communications method for use in a system 
comprising a first node, a second node and a third node, and a first secret, said first secret being 
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shared between the first and second nodes to secure communications between said first and 
second nodes, the method comprising: 

operating the first node to establish a secure communications session with said second 
node using the first shared secret to secure the contents of packets communicated from the first 
node that are directed to the second node as part of the secure communications session; 

operating a third node which is coupled to said first and second nodes to maintain in 
memory a copy of said first shared secret; and 

operating the third node to receive a secure flow of packets from the first node that are re- 
directed away from said second node to said third node, said redirected packets being packets 
which were Originally directed to said second node as part of the secure communications session. 

Claim 44 (Previously Presented) The method of claim 43, wherein packets 
communicated from the first node that are directed to the second node as part of the secure 
communications session include a Home Address of the second node as a destination address 
prior to said re-direction. 

Claim 45 (Previously Presented): The method of claim 43, further comprising: 
operating the third node to receive from said second node the first shared secret and to 

store the first shared secret in memory, said received first shared secret being encrypted using a 

second shared secret known to the second and third nodes. 

Claim 46 (Previously Presented): The method of claim 43, further comprising: 
operating said third node to send a message to the first node indicating successful receipt 
of packets by said second node, in response to received redirected packets. 

Claim 47 (Previously Presented): A communications method for use in a system 
comprising a first node, a second node and a third node, and a first secret, said first secret being 
shared between the first and second nodes to secure communications between said first and 
second nodes, the third node being on a communications path extending between said first and 
second nodes, the method comprising: 
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operating the first node to establish a secure communications session with said second . 
node using the first shared secret to secure the contents of packets communicated from the first 
node that are directed to the second node as part of the secure communications session; 

operating a third node which is coupled to said first and second nodes to maintain in 
memory a copy of said first shared secret; 

operating the third node to receive a secure flow of packets from the first node that are 
directed to said second node as part of the secure communications session; and 

operating the third node to intercept and process said recei ved secure flow of packets 
from the first node. 

Claim 48 (Previously Presented) The method of claim 47 wherein packets directed to 
said second node include as a destination address a Home Address of the second node. 

Claim 49 (Previously Presented): The method of claim 47, further comprising: 
operating the third node to transmit another packet flow, said another packet flow 

including as a source address an address corresponding to the second node and including packets 

generated from said intercepted packets. 

Claim 50 (Previously Presented): The method of claim 47, further comprising: 
operating the third node to receive from said second node the first shared secret and to 

store the first shared secret in memory, said received first shared secret being encryp tcd usin S a 

second shared secret known to the second and third nodes. 

Claim 51 (Previously Presented): The method of claim 47, further comprising: 
operating said third node, in response to receiving packets in said secure flow of packets, 
to send a message to the first node indicating successful receipt of packets by said second node. 
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